Hackers used Samsung website to access Sprint’s customer data

Sprint Corporation, an American telecommunications company has announced that it has suffered a data breach after unknown hackers accessed customer accounts credentials using the Samsung.com “add a line” website.

Originally, the company was informed about the breach on June 22nd, 2019. The personal information which was accessed in the incident included full names, phone numbers, billing address, device ID,  device type, subscriber ID, account creation date, account number, monthly recurring charges, upgrade eligibility and add-on services.

See: Hacker extracts customer data from Canadian Telecom Firm after rebuttal

Although, it is unclear how many customers have been impacted, the breach notification notice sent to customers stated that “Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account.”

The company further said that all targeted accounts were re-secured on June 25, 2019.

“Sprint has taken appropriate action to secure your account from unauthorized access and has not identified any fraudulent activity associated with your account at this time,” the company claimed.

Sprint has apologized for the breach and urged that customers should follow preventative measures recommended by the Federal Trade Commission (FTC).

“As a precautionary measure, we recommend that you take the preventative measures that are recommended by the Federal Trade Commission (FTC) to help protect you from fraud and identity theft. These preventative measures are included at the end of this letter. You may review this information on the FTC’s website at www.ftc.gov/idtheft and www.IdentityTheft.gov or contact the FTC directly by phone at 1-877-438-4338 or by mail at 600 Pennsylvania Avenue, NW, Washington, DC 20580.”

Sprint is also asking customers to follow below-mentioned steps to keep their accounts protected from malicious access:

1. Place a fraud alert on your credit reports, and review your credit reports.
2. Close the accounts that you believe have been tampered with or opened fraudulently.
3. File a report with your local police or the police in the community where the identity theft took place.
4. Visit the Federal Trade Commission’s Identity Theft website, IdentityTheft.gov, or for more information on reporting and recovering from identity theft.
5. Contact your state’s Attorney General or Consumer Protection Agency for more information on reporting and recovering from identity theft.

See: Samsung Galaxy S10’ biometric sensor hackable with copy of owner’s fingerprint

This, however, is not the first time when Sprit has suffered a data breach. In May this year, Sprint-owned virtual mobile network operator Boost Mobile informed its customers that it suffered a data breach allowing hackers to access some user accounts – The total number of impacted customers was not shared with the public.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts